Java验证微信公众号token、url

@WebServlet(asyncSupported = true, urlPatterns = { "/portal" })
public class ServerPortal extends HttpServlet {
private static final long serialVersionUID = 1L;
private static final String token = "tokenPortal";
    /**
     * @see HttpServlet#HttpServlet()
     */
    public ServerPortal() {
        super();
        // TODO Auto-generated constructor stub
    }


/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String signature = request.getParameter("signature");
        String timestamp = request.getParameter("timestamp");
        String nonce = request.getParameter("nonce");
        String echostr = request.getParameter("echostr");
        System.out.println("signature===" + signature + "timestamp=====" + 
        timestamp + "nonce========"+nonce + "echostr======"+echostr);
        if (null != timestamp && null != nonce && null != echostr
                && null != signature) {
            if (config(token, signature, timestamp, nonce)) {
                response.getWriter().write(echostr);
                return;
            }
            return;
        } else {
            return;
        }
    }
    public static boolean config(String token,String signature,String timestamp,String nonce) {
        List<String> ss = new ArrayList<String>();
        ss.add(timestamp);
        ss.add(nonce);
        ss.add(token);
         
        Collections.sort(ss);
         
        StringBuilder builder = new StringBuilder();
        for(String s : ss) {
            builder.append(s);
        }
        return signature.equalsIgnoreCase(getSha1(builder.toString()));
}
    
    public static String getSha1(String str){
        if(str==null||str.length()==0){
            return null;
        }
        char hexDigits[] = {'0','1','2','3','4','5','6','7','8','9',
                'a','b','c','d','e','f'};
        try {
            MessageDigest mdTemp = MessageDigest.getInstance("SHA1");
            mdTemp.update(str.getBytes("UTF-8"));


            byte[] md = mdTemp.digest();
            int j = md.length;
            char buf[] = new char[j*2];
            int k = 0;
            for (int i = 0; i < j; i++) {
                byte byte0 = md[i];
                buf[k++] = hexDigits[byte0 >>> 4 & 0xf];
                buf[k++] = hexDigits[byte0 & 0xf];      
            }
            return new String(buf);
        } catch (Exception e) {
            // TODO: handle exception
            return null;
        }
    }
    
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}